General Steps

1 - Installation: Packages: samba, samba-client, samba-doc, kdebase3-samba,
    yast2-samba-client, yast2-samba-server,
    kdenetwork3-lan, kdenetwork3-lisa.

2 - Auto-start at Boot-up:
    insserv smb nmb       : Sets smb and nmb in run levels 3 & 5
    insserv -r smb nmb    : Removes smb and nmb from the run levels

3 - Samba TCP/UDP Ports
    smbd (port 139-TCP)             Shares and printers data transfer
    nmbd (ports UDP: 445,137,138)   WINS, WINS Proxying, Browsing,
                                    Broadcast answer: His NetBIOS name -> IP

4 - Manual start/stop of Samba:
    rcsmb {start|stop|restart|reload|status}
    rcnmb {start|stop|restart|reload|status}

5 - Create Linux users for Samba only:
    mkdir /etc/empty; useradd -mk /etc/empty -s /bin/false username

6 - Create Samba users:
    Important: Make sure each new samba user already exists as a system user before proceeding.
    (Not needed if encrypt passwords = no and ClearTextPassword is set in the Windows clients' registry)
    smbpasswd -a username       Adds a new samba username
    (-d Disables user  -e Enables user  -x Deletes user  -U Update existing user)
    NOTE: All upper/lowercase characters of the usernames must match between
    Windows users and Linux/Samba users. First character might not matter ;).
    - To transfer only the list of users from /etc/passwd to /etc/samba/smbpasswd,
      issue the command:
      cat /etc/passwd | /usr/share/samba/script/mksmbpasswd.sh \
          > /etc/smbpasswd
      The above command will only transfer the list of users and not the passwords.
      Clean out the system users from the file, then for each of the transferred users use:
      smbpasswd -U username     to enter each of their samba passwords.
    Deleting a samba account:
      smbpasswd -x username     to delete a samba user from the smbpasswd file

7 - Help
    See below: Appendix I - Typical samba configuration of /etc/samba/smb.conf
    - Make sure the samba-doc package is installed
    - To get help on parameters:
      From SuSE 7.0 to 7.3 and SuSE 9.1 on:
      /usr/share/doc/packages/samba/htmldocs/smb.conf.5.html
      From SuSE 8.0 to 9.0:
      /usr/share/samba/swat/help/smb.conf.5.html
    - or read all the help files via swat
    - Testing samba configuration and listing all the default configurations:
      testparm | tee /etc/samba/smb.conf.all | less

    Note: The share names should be without spaces and no longer than 13 chars.
    The NetBIOS names (max 15 characters) can also include: @ # $ % ^ & ( ) - ' { } . ~
8 - Checking listening ports (137,138,139) and Searching for SMB Hosts
    netstat -ltunp | egrep ":137 |:138 |:139"        (Shows listening ports)
    findsmb [BroadcastAddr] or findsmb workgroup     (Shows SMB hosts)
    Sign before names: +=Local Master Browser  *=Domain Master Browser
    nmblookup '*' | cut -d" " -f1 | xargs nmblookup -A | egrep "^Looking|\<03\>"
    smbstatus     (shows the used shares and the client hosts that are using them)


9 - Testing local samba with smbclient:
    smbclient -N -L LocalIPNumber      (local host IP or localhost)

    Testing a remote SMB server (samba or windows)
    smbclient -L //ServerNetbiosName or //IP/ShareName -U UserName
    eg. smbclient //laptop/freddata -U fred -D photos -c ls
        shows the list (ls) of the directory photos in the freddata share on laptop
    The password of fred will be asked, and then use the typical ftp-like commands
    (eg. cd, lcd, pwd, ls, put, mput, get, mget, del, rename, mkdir,
    rmdir, chown, chmod, !command, exit, quit)


10 - Mounting SMB shares on a local Directory
     On older systems:
     mount -t smbfs //ServerNetbiosName-or-IP/ShareName /MountPoint \
           -o username=username,password=password,workgroup=workgroup

     eg. mount -t smbfs //laptop/public /mnt \
               -o username=john,password=hallo,workgroup=ms01
     On new systems (eg. openSuSE 10.2):
     mount -t cifs //ServerNetbiosName-or-IP/ShareName /MountPoint \
           -o username=username,password=password,workgroup=workgroup

     or in /etc/fstab:
     //ServerNetbiosName/share /MountPoint smbfs username=username,password=password 0 0
     then, as root, mount the share (sorry, no chance to mount as user):
     mount MountPoint

     //ServerNetbiosName/share /MountPoint cifs noauto,username=username,password=password 0 0
     then, as root, mount the share (sorry, no chance to mount as user):
     mount MountPoint

     Unmounting SMB share:
     umount MountPoint


11 - Log files are in: /var/log/samba/log.smbd and 
/var/log/samba/log.nmbd 


12 - Extra Linux smbfs/cifs client programs to connect to Windows or Samba shares:
     xsmbrowser       From www.samba.org. Needs tcl, expect and expectk packages

     konqueror        - Delivered with KDE-3. Needs packages:
                        kdebase3-samba, kdenetwork3-lan,
                        kdenetwork3-lisa.
                      - Needs to set up LISA in KDE Control Center
                        eg. smb:/sambal/linux03/test

     LinNeighborhood  (on SuSE CD)


Linux-Kurs Themen - 64_Samba_Course - Jan 9, 2007 Michel Bisson 


- May have to add a Master Browser as localhost 

- Need to set suid to /usr/bin/smbmnt and /usr/bin/smbumount 
to allow normal users to mount the shares. 
Command: chmod u+s /usr/bin/smbmnt /usr/bin/smbumount 


smb4k - Graphic SMB Client for KDE. Very good. from smb4k.berlios.de 
Note: As root do the commands: 
chmod u+s $(which smbmnt) 
chmod u+s $(which smbumount) 


smbc - SMB Commander. Get from internet as RPM and install. 
Similar design as Midnight Commander 


13 - SuSE smbfs run level service:
     - Mounts at boot time all the remote smb shares that are listed in:
       /etc/fstab and /etc/samba/smbfstab (if it exists)
     - smbfstab file format:
       service            mount-point   vfstype   options
       eg. //server/testdir   /data/test    cifs      username=tridge,password=foobar

     - Command to mount/unmount the shares:
       rcsmbfs {start|stop|restart|status}

     Note: From SuSE 10.2, the command rcsmbfs start also mounts the cifs
     shares in /etc/fstab automatically.


14 - Using swat:
     - If using inetd as Superdaemon then:
       Enable the line "swat" in /etc/inetd.conf (Delete the '#' at start of line)
       Restart the inetd daemon - rcinetd restart
     - If using xinetd as Superdaemon then:
       Change the following line in /etc/xinetd.d/samba (SuSE 8.0-9.0)
       or in /etc/xinetd.d/swat (SuSE 9.1 and up):
           disable = yes
       to  disable = no
       Comment the line: only_from = 127.0.0.1 (to allow from network)
       Restart the xinetd daemon - rcxinetd restart
     - To use swat enter the following address in a browser:
       http://localhost:901     name = root and its "root password"

15 - Using webmin: get the latest rpm version of webmin (www.webmin.com) and install it.
     http://localhost:10000     name = root and its "root password"


16 - Sending messages to Windows clients:
     echo "My Message....." | smbclient -M WindowsClientName > /dev/null

     smbclient will use the port 445 to send the message.

     For receiving messages from Windows clients:
     - Samba server MUST be installed and running
     - Install the program linpopup or kpopup and insert the following line in the smb.conf:

        message command = /opt/kde3/bin/receivepopup '%s' '%f';
     or message command = /opt/kde3/bin/linpopup '%s' '%f';


17 - Other means of transferring data: (see 90_Network_File_Transfer.sxw document)
     - FTP, NFS, mc
     - Using sshd (as server) + clients: mc (from SuSE 8.2 and on), scp,
     - Using rsync: rsync on client and sshd and rsync on server
     - Windows programs using sshd (on the server):
       pscp            From Putty (Free)
       WinSCP.exe      From Winscp (Free) (Based on Putty) http://winscp.vse.cz
       sshclient.exe   From SSH Secure Shell (Not free) http://www.ssh.com
       mindterm.jar    Java graphic secure shell and copy client. (runs also on Linux)
                       Needs java runtime engine on client.

18 - Extra programs related to Samba:
     samba-vscan   Virtual file system modules connected to samba to provide
                   an on-line file virus scanner. It interfaces with some well known
                   Anti-Virus software.
Typical Configuration of smb.conf

Server Global Options

[global]
workgroup = WORKGROUP
kernel oplocks = false          ; TCP protocol fine tuning parameters
socket options = TCP_NODELAY
printing = cups                 ; Printing system. We use cups here but also possible:
                                ; bsd, sysv, plp, lprng, aix, hpux, qnx, cups
printcap name = cups            ; Where is the file listing the printer queues and capabilities
load printers = yes             ; All printer names will be presented as shares?
encrypt passwords = yes         ; Use the encrypted samba passwords instead of linux passwd
null passwords = no             ; Do we allow users having empty passwords to access shares
security = user                 ; Users are logged-on once and identified as so for all shares
         = share                ; Everybody is allowed to all shares. It needs the setting:
                                ; valid users = username1 username2 .. to limit users.
         = server               ; Samba asks a password server to validate the user.
         = domain               ; Samba asks a PDC server to validate the user.
                                ; Note: Both server and domain need also the setting of:
                                ; password server = PWServerNetBIOSName
guest account = nobody          ; What username will guests use in Linux
map to guest = Bad Password     ; Accepts any wrong login as a guest user.
             = Bad User         ; Good name and bad password is refused,
                                ; bad name and bad password is accepted as guest
os level = 2                    ; WfW/Win95/98 = 1  NT-Desktop = 17  NT-Server = 33
local master = yes              ; Samba (nmbd) is the Local Master Browser ?
preferred master = yes          ; Force a new election for Master Browser when samba starts?
wins support = no               ; Samba is a WINS server ? (lmhosts contains data)
# wins server = 192.168.1.1     ; IP Number of a WINS server if any exists in the network

# Interfaces or networks that samba will respond to
interfaces = eth* eth0 192.168.2.10/24 192.168.3.10/255.255.255.0
loglevel = 7                    ; Log levels possible 1 to 7 : 1 minimal, 3 normal, 7 a hell of a lot


Standard Shares (share names are reserved only for these purposes) ---------

[homes]
comment = Heimatverzeichnis
browseable = no                 ; Name of user share seen by other users ?
read only = no                  ; Cannot write ? (same as writable=yes)
create mode = 0750              ; ANDed with 0766(default) to set the files access rights

[printers]
comment = All Printers
browseable = no                 ; Seen as a directory share? (absolutely NO !)
read only = yes                 ; We can save files there ? (absolutely NO !)
printable = yes                 ; We can send print jobs to it ? (absolutely yes !)
public = yes                    ; Usable by all users including guests ?
directory = /tmp                ; Where the print jobs will be saved before they are printed
create mode = 0700              ; Allow only owners to do anything to these saved print jobs
Normal Shares:

[cdrom]                         ; Example of a typical share
comment = CD-ROM
path = /media/cdrom             ; Path of the share
writeable = no                  ; Preventing trying to write on CDROMs. (same as read only=yes)
locking = no                    ; Prevent samba from locking the accessed files while opened
public = yes                    ; Usable by all users including guests ? (same as guest ok = yes)

[LaserJet]                      ; Single Printer share settings if load printers = no
printable = yes
printer = laserjet
printing = cups
read only = yes                 ; Same as writeable = no
valid users = paul              ; Here the user paul is the only one allowed to use this printer.


List of extra useful share parameters:

Global area:

hosts equiv = /etc/hosts.equiv  ; List of the hosts and users allowed without passwords. (Global)
                                ; File Format: ClientFQDNHostname UserName

Shares (services) area:

path = /var/pc/%m               ; Each machine gets its own share directory
                                ; (directory must exist and must be all in lowercase characters)
path = /var/users/%u            ; Each user gets its own share directory (user dir. must exist)
create mode = 0740              ; Mode ANDed with Windows(rw/ro) and 0766 for file creation
                                ; Default = 0744
max connections = 4             ; Allow only up to 4 connections per share
                                ; Good for CDROMS access (Can burn the CDROM otherwise)
max disk size = 100             ; Limits the size of this share to 100 MB
                                ; 0 = Unlimited (till end of partition space!!!)
directory mode = 0751           ; Mode ANDed with Windows(rw/ro) and 0755 for Dir. creation
                                ; Default = 0755
force create mode = 0740        ; Forces all the files to have this mode when created
force directory mode = 0750     ; Forces all directories to have this mode when created
hosts deny = 192.168.           ; Hosts that are not allowed to access the share.
                                ; Valid values: ALL, FQDN, IPAddr, NetAddr/Netmask, Partial IP
                                ; Often used in combination with hosts allow
hosts allow = 150.203. EXCEPT 150.203.6.66
                                ; Allows all hosts clients with IP starting with 150.203.
                                ; except the host which has the IP 150.203.6.66
                                ; Valid values: ALL, FQDN, IPAddr, NetAddr/Netmask, Partial IP
                                ; hosts allow takes priority over hosts deny if conflicting.
valid users = john sophie       ; Sets the only users allowed access to the share.
write list = marie @admin       ; Only these users or group(@) are allowed to write to the share
                                ; Normally combined with writeable = no
read list = marie @shipping     ; These users or group(@) are limited to read-only on the share.
                                ; Normally combined with writeable = yes
follow symlinks = no            ; Doesn't permit to follow symbolic links. Default is yes
wide links = no                 ; Limits following symbolic links to inside the share tree. (Def=yes)
preexec = LinuxCommand          ; Runs a command as user before access to a share
root preexec = LinuxCommand     ; Runs a command as root before access to a share
postexec = LinuxCommand         ; Runs a command as user before closing access to a share
root postexec = LinuxCommand    ; Runs a command as root before closing access to a share
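
A check for the settings that the listings above describe as loosening authentication or share boundaries (security = share, map to guest = Bad Password, null passwords, hosts equiv, guest shares that are writable, wide links). This is an added example, not part of the original course material; the finding labels and the sample configuration are constructed for illustration.

```python
import re

TRUE_VALUES = {"yes", "true", "1"}
FALSE_VALUES = {"no", "false", "0"}

# Constructed sample configuration (not taken from a real server).
SAMPLE_CONF = """
[global]
workgroup = WORKGROUP
security = user
map to guest = Bad Password
null passwords = no
encrypt passwords = yes
hosts equiv = /etc/hosts.equiv

[transfer]
path = /var/transfer
public = yes
writable = yes

[cdrom]
path = /media/cdrom
public = yes
writeable = no

[homes]
read only = no
browseable = no
"""


def parse_smb_conf(text):
    """Parse smb.conf text into {section: {key: value}}.

    Keys are lower-cased with all whitespace removed ("map to guest" ->
    "maptoguest"). Only lines that START with ';' or '#' are comments, so the
    annotations written after the values in this handout must not be copied
    into a real file.
    """
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif section is not None and "=" in line:
            key, value = line.split("=", 1)
            conf[section][re.sub(r"\s+", "", key).lower()] = value.strip()
    return conf


def _flag(params, key, wanted):
    """True if params[key] is set to one of the values in `wanted`."""
    return " ".join(params.get(key, "").lower().split()) in wanted


def audit(text):
    """Return a sorted list of (section, finding) for settings the handout
    describes as loosening authentication or share boundaries."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    if _flag(glob, "security", {"share"}):
        findings.append(("global", "security-share"))
    if _flag(glob, "maptoguest", {"bad password"}):
        findings.append(("global", "guest-on-bad-password"))
    if _flag(glob, "nullpasswords", TRUE_VALUES):
        findings.append(("global", "null-passwords"))
    if _flag(glob, "encryptpasswords", FALSE_VALUES):
        findings.append(("global", "cleartext-passwords"))
    if glob.get("hostsequiv"):
        findings.append(("global", "hosts-equiv"))
    for name, share in conf.items():
        if name == "global":
            continue
        # "public" and "guest ok" are the same switch; so are the three
        # spellings of the write permission.
        guest = (_flag(share, "public", TRUE_VALUES)
                 or _flag(share, "guestok", TRUE_VALUES))
        writable = (_flag(share, "writable", TRUE_VALUES)
                    or _flag(share, "writeable", TRUE_VALUES)
                    or _flag(share, "readonly", FALSE_VALUES))
        if guest and writable:
            findings.append((name, "guest-writable"))
        if _flag(share, "widelinks", TRUE_VALUES):
            findings.append((name, "wide-links"))
    return sorted(findings)


if __name__ == "__main__":
    for section, finding in audit(SAMPLE_CONF):
        print(f"[{section}] {finding}")
```
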
Samba as Windows 95/98 logon server

1) Enter the following [global] settings and [netlogon] share.
   If only Authentication and no logon scripts are needed, the [netlogon] share and its
   directory are still needed but can be empty.

[global]
logon script = %u.bat
domain logons = yes

[netlogon]
path = /etc/samba/netlogon/
public = no
read only = yes
browseable = no

2) Create Clients Logon scripts (if needed) using a Windows editor (CR/LF at end of lines) and
   save them as username.bat in the dir. (path =) of the [netlogon] share in samba host.

   Example of logon script content: (/etc/samba/netlogon/mario.bat)
   net use G: \\sambasrv\mario

3) Set-up the Windows 95/98 clients for Domain logon:
   eg. (right click) Network Neighborhood ----> Properties ---->
   Client for Microsoft Networks ---> Properties --->
   - (click) Logon to an NT Domain
   - Enter the Domain name

   Example in German Windows 98:
   [Screenshots: the network dialog, Configuration tab, with "Client für Microsoft-Netzwerke"
   selected in the list of installed network components, and the dialog "Eigenschaften von
   Client für Microsoft-Netzwerke" (Properties of Client for Microsoft Networks) with logon
   validation against a Windows NT domain enabled and the domain name entered]

4) What does Windows do at start-up:
   Windows 95/98 should authenticate through the samba server (using samba users
   accounts), get its logon script (if it exists) from samba [netlogon] share and run it.
Samba as Primary Domain Controller (PDC):

This PDC setting only allows NT/Win2k to logon and get their profiles.
To add Win95/98 Logons, add the settings of the above section called:
Samba as Windows 95/98 logon server

1) Enter the following [global] and [profiles] sections:

[global]
domain master = yes             ; Samba is PDC ?
logon path = \\%L\profiles\%U   ; \\Localhost\ProfilesShare\UserName

[profiles]
path = /var/samba/profiles
browseable = no
writable = yes
create mode = 0700
directory mode = 0700

Note: The [profiles] share is a hidden share needed to store the users profiles sent and
read from the NT/W2k clients. (Personal system setups and access rights of Windows
clients)

Things to do in Samba system
- Create a user in linux for each NT machine:
  useradd -d /dev/null -s /bin/false MachineName$     ('$' is important!!)
  smbpasswd -a -m MachineName$
  smbpasswd -a root     Only needed for Win2000/XP to first time join to domain.
                        (Recommended: Not the same as system root password)

- Create a user account for each user with an empty home directory:
  mkdir /etc/empty
  useradd -mk /etc/empty -s /bin/false UserName
  smbpasswd -a UserName

- Create the profiles directories:
  mkdir -p /var/samba/profiles
  chmod 777 /var/samba/profiles

- Join the domain from NT/Win2000/XP for the first time:
  NT          (right click) Network Neighborhood ----> Properties ----> Identification --->
              Click Change ----> Select Domain ---> Enter DomainName
              DO NOT select 'Create computer account' ..account already exists.

  WIN2000/XP  (right click) MyComputer ----> Network Identification ----> Properties ---->
              More ---> Unselect 'Change primary DNS suffix....' ---> OK
              Select Domain ---> Enter DomainName ---> Enter Computer Name --->
              OK ----> Enter Name (root) and password (samba root passwd) ---> OK
              REBOOT

- What does Windows do at first Login:
  The first time the NT/Win2000/XP user logs in and logs out, samba saves all the
  NT/Win2000/XP user's environment profile in the /var/samba/profiles/<UserName>/
  directory.
  The NT users will not be forced to get this profile each time they login. To force the NT
  users to get their profile from Samba, rename the file NTUSER.DAT to NTUSER.MAN.

  When the NT/Win2000/XP user logs in, this Homes share will be automatically mapped to a
  network drive on his machine.
Samba as Primary Domain Controller (PDC) and Printer drivers server for Win2000:

This configuration sets samba as: File Server - Print Server -
PDC - Master Browser - Win95/98 Logon Server - Win2K Printer Driver server.

On Linux:
1. You need samba Version >= 2.2.1a
2. Create a new group ntadmin as a printer administrator group
3. Create a user account for the printer administrator with: passwd -g ntadmin
4. Add the same user account with smbpasswd -a ntadmin
5. If not added yet: smbpasswd -a root, otherwise Win2000 cannot connect to the
   Domain the first time. It is probably advisable not to give the same password as the
   original password under linux.
6. Add an account for every host (with a $ at the end):
   useradd -s /bin/false -d /dev/null hostname$
7. Add the same account in smbpasswd:
   smbpasswd -a -m hostname$
8. Create a structure for the profiles and the drivers:
   mkdir /home/samba/
   cd /home/samba
   mkdir netlogon profiles printers
   chown :ntadmin printers
   chmod 775 printers
   chmod 777 profiles
   mkdir printers/W32X86 printers/WIN40
   The drivers will be copied from APW in a subdirectory of W32X86.
9. Modify /etc/samba/smb.conf with all entries for the PDC, print$ etc.
10. Create a script /usr/bin/addprinter that will create a printer
11. Add with visudo the possibility for printer administrators to reload samba:
    Cmnd_Alias RCSMB=/etc/init.d/smb
    ntadmin THIS_HOST=NOPASSWD:RCSMB
12. Add SystemGroup ntadmin in /etc/cups/cupsd.conf and reload cups.

On Windows2000

- Join the domain with user root (Settings - System - Network Identification). Then reboot.
- Log in as a printer administrator in the domain
- Click on the Network Neighborhood and search for your samba server
- Click on the samba server folder and then on the printer folder
- Click on the Add Printer Wizard (APW) and install a printer. You need of course some
  drivers for this. Don't print a test page, it doesn't work.
- You should now be able to see your new printer.
- If you get an "access denied", this means your script addprinter doesn't work.
- Go to the regular "Printers" folder in the "Settings" and add a new network printer (the
  one you just uploaded). This time, the drivers will be copied from samba to your win2k
  directory: X:\WINNT\System32\spool\drivers\W32X86\...
- Print a test page, that's it!
- File /etc/samba/smb.conf:

[global]
workgroup = STARS
server string = Linux Samba PDC Server %v
socket options = TCP_NODELAY    ; Some TCP fine tuning stuff (3 lines)
kernel oplocks = false
keep alive = 30
debug level = 2                 ; Let's get some info on how it goes
security = user                 ; User is authenticated once for all shares
guest account = nobody          ; All our guests are Mr. nobody
map to guest = Bad User         ; Known user name but bad passwd is refused
encrypt passwords = yes         ; Our encrypted passwords are in smbpasswd file.
printing = cups                 ; Here we use CUPS Printing system
printcap name = /etc/printcap
load printers = yes             ; We want to see all the available printers
printer admin = @ntadmin        ; Users from group ntadmin are printers admins.

; Script to execute when a printer is added through the APW from Win2K
addprinter command = /usr/bin/addprinter    ; Content shown below

local master = yes              ; We can be Local Master Browser
os level = 64                   ; We make sure WE are the Master Browser.
preferred master = yes          ; Let's provoke a Browser election at start-up
domain logons = yes             ; We are a logon server for Win95/98/2K/XP
domain master = yes             ; We are a PDC
logon path = \\%L\Profiles\%u   ; Where the profiles will be stored
logon drive = H:
logon home = \\%L\%u
logon script = %u.bat           ; logon scripts name: eg. michel.bat, joe.bat

[netlogon]                      ; Share for logon scripts storage
path = /home/samba/netlogon     ; Where in Linux the logon scripts will be stored
writeable = no                  ; Used only to read from windows clients
write list = ntadmin            ; Only the user ntadmin can write in this directory.
browseable = no                 ; This share is hidden from the browse list.

; Share for storing user profiles
[profiles]                      ; Share for profiles storage
path = /home/samba/profiles     ; Where in Linux the Windows profiles will be stored
writeable = yes                 ; Windows clients write their profiles here
browseable = no                 ; This share is hidden from the browse list.
create mask = 0600              ; Profile files are readable only by their owners
directory mask = 0700           ; Profile dirs. are readable only by their owners

[print$]                        ; Share for storing printer drivers
path = /home/samba/printers     ; Where in Linux the drivers will be stored
public = yes                    ; Usable by all windows clients incl. guests
browseable = yes
read only = yes                 ; Normal users cannot write here
write list = Administrator,ntadmin,root    ; But some users can write here
directory mask = 0775

[homes]                         ; Each windows user gets a private share
comment = home directory
browseable = no                 ; Sharename not seen in the browser list
read only = no                  ; Users can write in their own share
create mode = 0750              ; The content is readable by own group

[printers]
comment = all printers
browseable = no
printable = yes
public = no                     ; The Printers not available to guests, only to valid users
read only = yes
create mode = 0700
directory = /tmp


File /usr/bin/addprinter

#!/bin/sh
# Name: /usr/bin/addprinter
# Authors: Pierre Burri & Michel Bisson
# Date: 7-Oct-2001
# This script adds a CUPS printer (Postscript) from Windows2000 APW
# with Samba Version 2.2.1a. (APW = Add Printer Wizard)
#
# Parameters given by the APW:
# $1 = printer name
# $2 = share name
# $3 = port name
# $4 = driver name
# $5 = location
# $6 = windows 9x driver location

smb_pr_dir="/home/samba/printers"
addpr_log="$smb_pr_dir/addprinter.log"
print_port="parallel:/dev/lp0"

echo "----------------------" >> "$addpr_log"
echo "date : `date`" >> "$addpr_log"
echo "all parameters : 1=<$1> 2=<$2> 3=<$3> 4=<$4> 5=<$5> 6=<$6>" \
     >> "$addpr_log"

# Extract the PPD file name
# (the APW parameters come from the client, so they are always quoted)
driver=$(grep -lr -- "$4" "$smb_pr_dir/W32X86" | head -1)
echo "driver name : <$driver>" >> "$addpr_log"

# Add the printer to cups
/usr/sbin/lpadmin -p "$2" -P "$driver" -L "$5" -v "$print_port" -E \
     >> "$addpr_log" 2>&1

# Reload samba (with the SuSE Linux script)
sudo /etc/init.d/smb reload
sleep 3
Samba Tips and tricks:

- Logs the share access in the /var/log/samba-access.log file.
  root preexec = echo "User %u at Host %m running %a has logged \
                 in %S on %T" >> /var/log/samba-access.log
  RESULT (%u, %m, %a, %S, %T):
  User admin at Host toshiba running Win2K has logged in MYSHARE on 2003/05/03 18:52:30

- Sends a message to the host that has accessed a share.
  preexec = echo "You have accessed the share %S" \
            | /usr/bin/smbclient -M %m > /dev/null

- Use another password server (NT/Win2K/XP) for samba users authentication:
  security = server            (or domain if PWserver is a PDC)
  password server = NetBIOSPasswordServerName

- Synchronizing the password files /etc/passwd and /etc/samba/smbpasswd, by using
  the smbpasswd command only.
  NOTE: Doesn't always work on all Linuxes, especially in SuSE :-(
  First the passwd is changed (with root rights), then smbpasswd.
  unix password sync = yes
  passwd program = /usr/bin/passwd %u
  passwd chat = *New*password* %n\n *new*password* %n\n *changed*

- Translate Windows users to Linux Users
  username map = /etc/samba/smbusers
  Content of smbusers file:
  LinuxInternalUser = Windows Logon Users (may have multiple names)

  eg. !root = Administrator Admin
      !michel = "michel bisson" michael
      !marie = marieanne
      !joe = joanne
      guest = *

  In this case the Windows client logging on as Administrator or Admin will be
  seen as samba root user. His home share will be /root and so on. Even if
  Administrator already exists as a samba user, he will be seen as root user.
  Simply said: samba immediately translates the name entered in the Windows client to
  the one given here in the file, if it finds it.

  Exception: If samba uses an external logon server (security = server or
  domain) then the username entered in Windows will be passed on to the password
  server.

  The '!' indicates that samba should stop searching the file if any name is matching.
  The '*' indicates that all names will be translated to the samba user guest.

  In the above case, samba will translate the given name and stop the file search at
  the first match. If the name is not found then it will translate any name to the samba
  guest user. If the '*' is not used in the file then there is no need for the '!'; otherwise
  they are needed. The line with the '*' should always be at the end of the file.
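
The line-by-line processing described above, including why the '!' markers matter once a '*' line is present, as an added example that is not part of the original course material. It models the documented username map behaviour (a match replaces the name and the search continues with the replaced name unless the line starts with '!'); case-insensitive comparison is an assumption, and @group entries are not modelled.

```python
import shlex

# The smbusers content shown in the text above.
PAGE_MAP = '''
!root = Administrator Admin
!michel = "michel bisson" michael
!marie = marieanne
!joe = joanne
guest = *
'''


def parse_username_map(text):
    """Return a list of (unix_name, [client names], stop_on_match) rules."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        stop = line.startswith("!")
        if stop:
            line = line[1:].lstrip()
        unix_name, sep, rhs = line.partition("=")
        if not sep:
            continue
        # shlex keeps a quoted name such as "michel bisson" as one entry
        rules.append((unix_name.strip(), shlex.split(rhs), stop))
    return rules


def map_username(rules, client_name):
    """Apply the rules top to bottom, the way the text describes.

    A matching line replaces the name. Without '!' the search goes on with
    the replaced name, so a later '*' line can overwrite the result.
    """
    name = client_name
    for unix_name, patterns, stop in rules:
        if any(p == "*" or p.lower() == name.lower() for p in patterns):
            name = unix_name
            if stop:
                break
    return name


def resolve(map_text, client_name):
    return map_username(parse_username_map(map_text), client_name)


if __name__ == "__main__":
    no_bang = PAGE_MAP.replace("!", "")
    wildcard_first = 'guest = *\n!root = Administrator Admin\n'
    for label, text in (("as on the page", PAGE_MAP),
                        ("without '!'", no_bang),
                        ("'*' line first", wildcard_first)):
        for user in ("Administrator", "Michel Bisson", "paul"):
            print(f"{label:16} {user:15} -> {resolve(text, user)}")
```
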
Special characters in filenames of Windows shares with smbmount:
To make sure that the special characters in the filenames are handled properly when
mounting a Windows share in Linux via smbmount, the mounting options of smbmount
must set the right character set and codepage. To do that:
In a Windows DOS box, issue the command:

  chcp
  This will give the codepage. eg. 850

Then in the command smbmount include the following options:
  iocharset=utf8,codepage=cp850

eg.
  smbmount //SERVER/share /mnt/server -o iocharset=utf8,codepage=cp850
Meaning of Magic (%x) characters in smb.conf

%S = The name of the current service, if any.
%P = The root directory of the current service, if any.
%u = Username of the current service, if any. (real user)
%g = Primary group name of %u.
%U = Session user name (the user name that the client wanted, not necessarily the same as
     the one they got). The user name is always in lowercase characters.
%G = Primary group name of %U.
%H = The home directory of the user given by %u.
%v = The Samba version.
%h = The internet hostname that Samba is running on.
%m = The NetBIOS name of the client machine (very useful).
%L = The NetBIOS name of the server. This allows you to change your config based on what
     the client calls you. Your server can have a "dual personality".
%M = The internet name of the client machine.
%N = The name of your NIS home directory server. This is obtained from your NIS auto.map
     entry. If you have not compiled Samba with the --with-automount option then this
     value will be the same as %L.
%p = The path of the service's home directory, obtained from your NIS auto.map entry.
     The NIS auto.map entry is split up as "%N:%p".
%R = The selected protocol level after protocol negotiation. It can be one of
     CORE, COREPLUS, LANMAN1, LANMAN2 or NT1.
%d = The process id of the current server process.
%a = The architecture of the remote machine. Only some are recognized, and those may not
     be 100% reliable. It currently recognizes Samba, WfWg, WinNT and Win95. Anything
     else might be known as "UNKNOWN".
%I = The IP address of the client machine.
%T = The current date and time.


Operations on Windows Machines 


Check the SMB Shares listing of the server 
net view \\NetBIOSServername 


To MAP a DOS drive to a Samba share (Normally used in Logon Scripts) 
net use DOSDrive: \\NetBIOSServername\ShareName 
e.g. net use F: \\SERVER\MYSHARE 


To MAP a Local Printer Queue to a samba Printer 
net use LPT1: \\NetBIOSServername\PrinterName
Note: The local printer port setting should stay connected to LPT1 (physical 
LPT port) but will be rerouted to the samba printer through the above command 


EXTRA INFO from NetBIOS Environment (available names and groups and their services offered) 
nbtstat -a NetBIOSServername (service list of smb host) 
nbtstat -c (list of SMB hosts on the network...well almost all) 
Useful Directives:
Logs the share access in the /var/log/samba-access.log file.

root preexec = echo "User %u at Host %m running %a has logged \
               in %S on %T" >> /var/log/samba-access.log
RESULT (%u, %m, %a, %S, %T):
User admin at Host toshiba running Win2K has logged in MYSHARE on 2003/05/03 18:52:3

path = /var/users/%u      Each user gets its own share directory
                          (user dir. must exist)

hosts deny = 192.168.     Hosts that are not allowed to access the share.
                          Valid values: ALL, FQDN, IPAddr, NetAddr/Netmask,
                          Partial IP. Often used in combination with
                          hosts allow

hosts allow = 150.203. EXCEPT 150.203.6.66
                          Allows all hosts clients with IP starting with
                          150.203. except the host which has the IP
                          150.203.6.66
                          Valid values:
                          ALL, FQDN, IPAddr, NetAddr/Netmask, Partial IP
                          hosts allow takes priority over hosts deny
                          if conflicting.

valid users = john, sophie
                          Sets the only users allowed access to the share.

write list = marie, @admin
                          Only these users or group(@) are allowed to write to
                          the share. Normally combined with
                          writeable = no

read list = marie, @shipping
                          These users or group(@) are limited to read-only on
                          the share. Normally combined with
                          writeable = yes
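
How hosts allow and hosts deny combine, including EXCEPT, partial IPs and the "hosts allow takes priority" rule, as an added example that is not part of the original course material. It models Samba's documented decision order for IPv4 addresses only; hostnames (FQDN) are not resolved and Samba's special handling of the loopback address is left out.

```python
import ipaddress
import re


def _tokens(value):
    """Split a hosts allow / hosts deny value on spaces, tabs and commas."""
    return [t for t in re.split(r"[\s,]+", value.strip()) if t]


def _token_matches(token, ip):
    if token.upper() == "ALL":
        return True
    if token.endswith("."):          # partial IP such as "150.203."
        return ip.startswith(token)
    if "/" in token:                 # NetAddr/Netmask, prefix length or dotted mask
        return ipaddress.ip_address(ip) in ipaddress.ip_network(token, strict=False)
    return token == ip               # full IP address


def _list_match(tokens, ip):
    """True if ip is named by the list; 'A EXCEPT B' means A but not B."""
    for i, token in enumerate(tokens):
        if token.upper() == "EXCEPT":
            return False
        if _token_matches(token, ip):
            rest = tokens[i + 1:]
            for j, later in enumerate(rest):
                if later.upper() == "EXCEPT":
                    return not _list_match(rest[j + 1:], ip)
            return True
    return False


def access_allowed(ip, hosts_allow="", hosts_deny=""):
    """Decision order: allow list first, then deny list, then the default."""
    allow, deny = _tokens(hosts_allow), _tokens(hosts_deny)
    if allow and _list_match(allow, ip):
        return True                  # hosts allow wins over hosts deny
    if deny and _list_match(deny, ip):
        return False
    # Named in neither list: refused only when an allow list exists alone.
    return not (allow and not deny)


# Constructed test matrix using the values from the text above.
CASES = [
    ("150.203.1.5",   "150.203. EXCEPT 150.203.6.66", ""),
    ("150.203.6.66",  "150.203. EXCEPT 150.203.6.66", ""),
    ("192.168.2.10",  "",                             "192.168."),
    ("192.168.2.10",  "192.168.2.10",                 "192.168."),
    ("10.1.1.1",      "192.168.2.10",                 "192.168."),
    ("10.1.1.1",      "192.168.2.10",                 "ALL"),
]

if __name__ == "__main__":
    for ip, allow, deny in CASES:
        verdict = "allowed" if access_allowed(ip, allow, deny) else "refused"
        print(f"{ip:14} allow=[{allow}] deny=[{deny}] -> {verdict}")
```

The fifth case is the one to watch: with both lists set, a host that appears in neither is still admitted, which is why hosts allow is usually paired with hosts deny = ALL when only the listed hosts should get in.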


After having done a few normal shares, show the above directives, then configure the
following conditions in the Samba server:

- Common share [www] where 2 HTML programmers, peter and martin, are working on the
  same project.
  They should also have their own home directory with Read/Write access.

- One exchange share [transfer] for all to:
  - Read and Write files and directories
  - Not allowing others to delete or change files or directories belonging to others.
  - Delivery area computers (instructor computers) should not be allowed in this area

  ######## For the advanced students
  - Need a log for this area
  - Only paul and marie should have access to this area from the Conference room PC.

- Normal workers should have their own home directories. Create 2 sample users for it.
Solution:
- 2 programmers working on the same files: peter and martin

  Commands:
  groupadd prog
  mkdir -m 775 /www
  chgrp prog /www
  mkdir -p /etc/leer/public_html
  useradd -mk /etc/leer -s /bin/false -g prog peter
  useradd -mk /etc/leer -s /bin/false -g prog martin
  smbpasswd -a peter
  smbpasswd -a martin

  in /etc/samba/smb.conf

  [www]
  comment = Arbeitsplatz fuer peter und martin
  path = /www
  public = no
  writable = yes
  valid users = peter martin
  force create mode = 0664
  force directory mode = 0775

- Transfer directory for all. Restriction: nobody can change other users' files
  Commands:
  mkdir -m 1777 /var/transfer

  in /etc/samba/smb.conf

  [transfer]
  comment = Gemeinsame Transferplatz
  path = /var/transfer
  public = yes
  hosts deny = 172.16.11.27 172.16.11.200
  writable = yes